Y
Hacker News
new
|
ask
|
show
|
jobs
by
eru
155 days ago
> What if GitHub’s token scanning service went down.
If it's a secret gist, you only exposed the attacker's key to github, but not to the wider public?
1 comments
OJFord
155 days ago
They mean it went down as in stopped working, had some outage; so you've tried to use it as a token revocation service, but it doesn't work (or not as quickly as you expect).
link
eru
155 days ago
Sure, that's a valid worry. Though that's not all that different from a special purpose public token revocation service: they can also go down.
link
OJFord
154 days ago
True, just more to rely on with the scanning too I suppose.
link